Hello, so I have hit a bit of a problem with recently learned software defined networking.
I created a DHCP zone and network by following the tutorial from the wiki (Setup Simple Zone With SNAT and DHCP).
After that I changed the network config of existing LXC containers to use the newly created VNet with DHCP IP address setup, but hit an issue where containers can't use the internet at all unless I turn off the firewall. After a bit of "scientific research" I narrowed it down to the IP filter. Then I checked iptables (with ping-flooding) and well, it led me to the ! match-set PVEFW-101-ipfilter-net0-v4 src rule.

The following text wall is a part of iptables -L -v -n

Code:

Chain veth101i0-OUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 PVEFW-SET-ACCEPT-MARK  17   --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]  udp spt:68 dpt:67
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            MAC ! bc:24:11:xx:xx:xx
  716  204K DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ! match-set PVEFW-101-ipfilter-net0-v4 src
    0     0 MARK       0    --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0x7fffffff
    0     0 PVEFW-SET-ACCEPT-MARK  0    --  *      *       0.0.0.0/0            0.0.0.0/0           [goto]
    0     0            0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* PVESIG:xxxxxxxxxxxxxxxxxxxxxxx */

Then I used ipset list PVEFW-101-ipfilter-net0-v4 to see if this list is incorrect...

Code:

Name: PVEFW-101-ipfilter-net0-v4
Type: hash:net
Revision: 7
Header: family inet hashsize 64 maxelem 64 bucketsize 12 initval 0xc0819f69
Size in memory: 456
References: 1
Number of entries: 0
Members:

Did I do something wrong? Why is this list empty, when I suppose it shouldn't be this way?

^ VNet I created in case it is needed, let me know if more info is needed
+ Proxmox Virtual Environment 8.2.7
+ bare metal
(also P.S.: I believe that I hit the same issue on another Proxmox instance as well while moving everything from the old "DIY" SNAT bridge, same symptoms of net not working with firewall etc.)
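
An added example (not part of the original post and not Proxmox code): a shell check for the condition visible in the two outputs above, a DROP rule on `! match-set <set> src` with a non-zero packet counter whose ipset has no members, so every source address fails the match. The sample input is trimmed from the post; the function names and the `live_*` wrappers are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag IP-filter ipsets that are empty while a DROP rule on
# "! match-set <set> src" is counting packets. Sample data trimmed from the post.
sample_iptables() {
cat <<'EOF'
Chain veth101i0-OUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            MAC ! bc:24:11:xx:xx:xx
  716  204K DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            ! match-set PVEFW-101-ipfilter-net0-v4 src
EOF
}
sample_ipset() {   # $1 (set name) is ignored by the sample
cat <<'EOF'
Name: PVEFW-101-ipfilter-net0-v4
Number of entries: 0
Members:
EOF
}
# Wrappers for a real host (assumed names; both commands need root).
live_iptables() { iptables -L -v -n; }
live_ipset() { ipset list "$1"; }

# stdin: iptables -L -v -n output. Prints "chain set pkts" for each DROP rule
# of the form "! match-set <set> src" whose packet counter is not zero.
dropping_ipfilter_rules() {
  awk '$1 == "Chain" { chain = $2; next }
       $3 == "DROP" && $1 != "0" {
         for (i = 4; i + 2 <= NF; i++)
           if ($i == "!" && $(i+1) == "match-set") print chain, $(i+2), $1
       }'
}

# stdin: `ipset list <set>` output. Prints the number of lines after "Members:".
ipset_entry_count() {
  awk 'seen && NF { n++ } /^Members:/ { seen = 1 } END { print n + 0 }'
}

# $1 = function producing the rule listing, $2 = function listing one set.
find_empty_filter_drops() {
  "$1" | dropping_ipfilter_rules | while read -r chain setname pkts; do
    count=$("$2" "$setname" | ipset_entry_count)
    if [ "$count" -eq 0 ]; then
      echo "$chain: $pkts packets dropped, set $setname is empty"
    fi
  done
}

find_empty_filter_drops sample_iptables sample_ipset
```

On a host, `find_empty_filter_drops live_iptables live_ipset` runs the same check against the live rule set.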
			